Firman Hadi Prayoga
7599ba8e55
Add /dev/lwis-eeprom-m24c64x-3j1 entry to selinux policy.
...
lwis-eeprom-m24c64x-3j1 used by camera hal to access
P22 front camera EEPROM device.
Bug: 207062209
Fix: 207062209
Test: Boot, no avc denied logs for eeprom
Change-Id: Ia12da5dbed1baef6d8a8ab2bf421b2987639e826
2021-11-24 01:01:44 +00:00
Adam Shih
e5e4f9f2b7
make libOpenCL reachable
...
Bug: 207300281
Test: boot with no relevant error log
Change-Id: I294d23e2b29afd62da5c2327175f0c163da98cf0
2021-11-23 06:00:16 +00:00
George Chang
d15185b2d7
Fix SELinux error coming from hal_secure_element_gto and gto_ese2
...
update hal_secure_element_st54spi/st33spi from gto/gto_ese2
hal_secure_element_gto.te => hal_secure_element_st54spi.te
[ 10.846098] type=1400 audit(1637296724.408:40): avc: denied { map } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:40): avc: denied { map } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:39): avc: denied { getattr } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:38): avc: denied { open } for path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-19 12:38:44.408 776 776 I android.hardwar: type=1400 audit(0.0:37): avc: denied { read } for name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846033] type=1400 audit(1637296724.408:37): avc: denied { read } for comm="android.hardwar" name="u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846072] type=1400 audit(1637296724.408:38): avc: denied { open } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
[ 10.846086] type=1400 audit(1637296724.408:39): avc: denied { getattr } for comm="android.hardwar" path="/dev/__properties__/u:object_r:vendor_secure_element_prop:s0" dev="tmpfs" ino=327 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:100): avc: denied { write } for name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-11 09:38:59.132 785 785 I secure_element@: type=1400 audit(0.0:101): avc: denied { connectto } for path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593472] type=1400 audit(1636594739.132:101): avc: denied { connectto } for comm="secure_element@" path="/dev/socket/property_service" scontext=u:r:hal_secure_element_gto:s0 tcontext=u:r:init:s0 tclass=unix_stream_socket permissive=1
[ 19.593175] type=1400 audit(1636594739.132:100): avc: denied { write } for comm="secure_element@" name="property_service" dev="tmpfs" ino=357 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:property_socket:s0 tclass=sock_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:135): avc: denied { open } for path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.142141] type=1400 audit(1636430648.620:135): avc: denied { open } for comm="secure_element@" path="/dev/st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.141947] type=1400 audit(1636430648.620:134): avc: denied { read write } for comm="secure_element@" name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:08.620 786 786 I secure_element@: type=1400 audit(0.0:134): avc: denied { read write } for name="st54spi" dev="tmpfs" ino=584 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-04 13:27:24.564 1 1 I /system/bin/init: type=1107 audit(0.0:52): uid=0 auid=4294967295 ses=4294967295 subj=u:r:init:s0 msg='avc: denied { set } for property=persist.vendor.se.reset pid=772 uid=1068 gid=1068 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:vendor_secure_element_prop:s0 tclass=property_service permissive=1'
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:49): avc: denied { read write } for name="st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
11-19 10:22:25.052 797 797 I secure_element@: type=1400 audit(0.0:50): avc: denied { open } for path="/dev/st21nfc" dev="tmpfs" ino=708 scontext=u:r:hal_secure_element_st54spi:s0 tcontext=u:object_r:nfc_device:s0 tclass=chr_file permissive=1
hal_secure_element_gto_ese2 => hal_secure_element_st33spi.te
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:137): avc: denied { open } for path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660987] type=1400 audit(1636430649.140:137): avc: denied { open } for comm="secure_element@" path="/dev/st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
[ 17.660845] type=1400 audit(1636430649.140:136): avc: denied { read write } for comm="secure_element@" name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
11-09 12:04:09.140 771 771 I secure_element@: type=1400 audit(0.0:136): avc: denied { read write } for name="st33spi" dev="tmpfs" ino=728 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:secure_element_device:s0 tclass=chr_file permissive=1
Bug: 207062261
Bug: 205073164
Bug: 205656951
Bug: 205657039
Bug: 205904452
Test: check avc without secure_element
Change-Id: I312299deb6d6bfa353e7936d41a723e75d3ea06b
2021-11-22 02:59:34 +00:00
Adam Shih
e72ecd59d8
fix UWB app settings and zygote library access
...
11-16 14:46:01.647 446 446 E SELinux : avc: denied { add } for pid=2502 uid=1083 name=uwb_vendor scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
11-16 14:41:41.238 440 440 E SELinux : avc: denied { find } for pid=2555 uid=1083 name=hardware.qorvo.uwb.IUwb/default scontext=u:r:uwb_vendor_app:s0:c59,c260,c512,c768 tcontext=u:object_r:default_android_service:s0 tclass=service_manager permissive=1
Bug: 206331617
Bug: 206045471
Bug: 205904384
Test: boot with no zygote errors
Change-Id: I5fe048434d430120334d172481b9cc07cff141dd
2021-11-18 02:20:49 +00:00
Jenny Ho
d99197dd19
enable battery information dump
...
Bug: 205071645
Signed-off-by: Jenny Ho <hsiufangho@google.com>
Change-Id: If811765d51add03d8d7a1f5e8276d2f56c7922a7
2021-11-15 01:53:30 +00:00
Long Ling
5ff0c059b3
sepolicy: gs201: update label for hwc3 service
...
Bug: 201321174
Change-Id: I5ecce6c513eecad22a463d52b7cfb718284f3c02
2021-11-12 04:39:24 +00:00
Adam Shih
e3bb63ab1b
Make display related libraries reachable
...
Bug: 205780068
Bug: 205779849
Test: boot with no relevant error
Change-Id: I806ecb779690346674816b793a5da21acf1be59b
2021-11-11 01:15:49 +00:00
Rex Lin
d6f5c71db9
Uwb: Create a new Uwb system service
...
inherit from gs101-sepolicy
Signed-off-by: Rex Lin <rexcylin@google.com>
Bug: 201232020
Test: ranging works
Change-Id: I0567e6bda78a94c12da3401444faffb36586f331
2021-10-29 12:43:07 +08:00
Adam Shih
11c3b49e36
review file_contexts
...
Bug: 203025336
Test: check if every path exists
Change-Id: I156c4953a50d888e54249038b45992d134b4aaca
2021-10-18 00:46:45 +00:00
Adam Shih
0b42f3ba82
review file_contexts
...
Bug: 203025336
Test: boot to home and check if the files are there
Change-Id: I2b748b18cca389d7fdd8b1b472dcb1605e0ddaaa
2021-10-14 13:34:33 +08:00
Konstantin Vyshetsky
54b0addb16
convert_to_f2fs.sh: add sepolicy
...
Add entries for convert_to_f2fs.sh executable.
Bug: 202511062
Signed-off-by: Konstantin Vyshetsky <vkon@google.com>
Change-Id: I76ca5e169efec06f7a856e3938f50cfee5e6a7f3
2021-10-14 02:17:56 +00:00
Adam Shih
a787a30f8d
review trusty domains
...
Bug: 198723116
Test: boot to home with trusty domains started
Change-Id: If5c6c0a75b6ad0eb032f637fd51ab2e4cea1e389
2021-10-08 10:48:04 +08:00
Adam Shih
34693feadc
review mediacodec
...
Bug: 196916111
Test: boot with google and samsung mediacodec running
Change-Id: I7aaee5def774c8b7c19699f4da9b0b51f4869be9
2021-10-06 00:47:41 +00:00
Kris Chen
fc82a2b242
fingerprint: Fix SELinux error
...
Fix the following SELinux error:
E init : Could not start service 'vendor.fps_hal' as part of class 'late_start': File /vendor/bin/hw/android.hardware.biometrics.fingerprint@2.1-service.goodix(labeled "u:object_r:vendor_file:s0") has incorrect label or no domain transition from u:r:init:s0 to another SELinux domain defined.
Bug: 201500671
Test: build and run on DUT.
Change-Id: I85bd89edfaa6aaca003a5be21f4a045ce5944ab9
2021-10-05 03:44:27 +00:00
Adam Shih
16c10d6a33
review init-insmod-sh
...
Bug: 196916111
Test: boot to home
Change-Id: I085ff319e08c65cfc3d51fb480259fa137f8e3f3
2021-10-05 01:42:16 +00:00
Adam Shih
798b72ad9c
review hal_tetheroffload_default
...
Bug: 201599426
Test: boot to home with hal_tetheroffload_default started
Change-Id: I85491753dc7336eff285f61c71ad51840a13d7c3
2021-10-05 01:42:16 +00:00
Adam Shih
618ea304d4
review tcpdump_logger
...
Bug: 201599426
Test: boot with tcpdump_logger started
Change-Id: I023f48ea45b8d5a2180c91577241e9d9410469a4
2021-09-30 14:40:10 +08:00
Adam Shih
5ec277bf7c
review hal_wifi
...
Bug: 201599426
Test: boot to home
Change-Id: I05538169275a7e8dc7638e075114440abda8c11b
2021-09-30 11:13:35 +08:00
Adam Shih
82cdc92c84
review hal_usb
...
Bug: 201599187
Test: boot with hal_usb_impl started
Change-Id: I77875c6911f6582454d666a57ed59cc1e386885b
2021-09-30 11:00:43 +08:00
Adam Shih
ad68e7dc96
remove hal_health_default
...
It will be easier to review it through boot test
Bug: 201230944
Test: boot to home
Change-Id: I5008c4054ce04f062a8ca01a1e2bfd4cfe8daf70
2021-09-28 08:04:38 +08:00
Adam Shih
962e580a3c
review hal_wlc
...
Bug: 201230944
Test: boot with hal_wlc started
Change-Id: I81d5ff7ed4745fb6d760f59c6acc50cc1732c95e
2021-09-28 08:03:15 +08:00
Adam Shih
368ac5f679
review hal_nfc_default
...
Bug: 196916111
Test: boot to home with nfc hal started
Change-Id: Iee8c30777f83788ff703c8094c03182171d713c5
2021-09-17 11:06:51 +08:00
Adam Shih
d57c9cd1fc
review graphics related sepolicy
...
Bug: 196916111
Test: boot to home
Change-Id: I43a875fb69e4237009b0515d8db6ebac8e2982b5
2021-09-16 14:07:31 +08:00
Adam Shih
2a422d7159
remove fingerprint policy
...
Bug: 196916111
Test: boot to home with fingerprint hal started
Change-Id: I24a81eb5bae26120e66e7d77f9672566bb1f049b
2021-09-13 14:59:36 +08:00
Adam Shih
6f97e91778
review init.radio.sh
...
Bug: 198532074
Test: boot with init.radio.sh started
Change-Id: Ieb47925b319866cc648e4de9b34fc3153ba1717b
2021-09-06 10:59:10 +08:00
Adam Shih
98ebd6e7f1
review tee
...
Bug: 198723116
Test: boot with tee started
Change-Id: Ib50698834d16887fa00bdbbaf81801f1067909ba
2021-09-03 15:26:51 +08:00
Adam Shih
b05c0902ad
refactor hal_secure_element
...
01-01 20:00:07.579 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.595 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.596 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto_ese2:s0 pid=748 scontext=u:r:hal_secure_element_gto_ese2:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.597 419 419 E SELinux : avc: denied { find } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.599 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.600 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.601 419 419 E SELinux : avc: denied { add } for interface=android.hardware.secure_element::ISecureElement sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hal_secure_element_hwservice:s0 tclass=hwservice_manager permissive=1
01-01 20:00:07.602 419 419 E SELinux : avc: denied { add } for interface=android.hidl.base::IBase sid=u:r:hal_secure_element_gto:s0 pid=749 scontext=u:r:hal_secure_element_gto:s0 tcontext=u:object_r:hidl_base_hwservice:s0 tclass=hwservice_manager permissive=1
09-03 10:51:44.574 419 419 E SELinux : avc: denied { find } for interface=vendor.samsung_slsi.telephony.hardware.radioExternal::IOemSlsiRadioExternal sid=u:r:hal_secure_element_uicc:s0 pid=750 scontext=u:r:hal_secure_element_uicc:s0 tcontext=u:object_r:hal_exynos_rild_hwservice:s0 tclass=hwservice_manager permissive=1
Bug: 198713948
Test: boot with secure_element started
Change-Id: Ie79b80f3c0fbe21c898e6a67384d98a2cc282f93
Change-Id: I14d9f01b6ef901fd87e8927d691ce96a9b174ed3
2021-09-03 15:26:38 +08:00
Adam Shih
18fb79d460
review rild
...
Bug: 198532074
Test: boot with rild started
Change-Id: Ic29d2cbbb9691f1386c024d1438fdd050ef14b8f
2021-09-03 15:25:10 +08:00
Kyle Tso
7295743ea6
Add file context for /dev/logbuffer_tcpm
...
/dev/logbuffer_tcpm gets accessed by dumpstate during bugreport
generation.
(Port of ag/15019635)
Bug: 189792358
Signed-off-by: Kyle Tso <kyletso@google.com>
Change-Id: Id73f7c884f45364b5386a9fe13900cb94d914520
2021-09-03 11:57:59 +08:00
Adam Shih
ff91ffd98a
review rfsd
...
Bug: 198532074
Test: boot with rfsd started
Change-Id: I183c75b5fad35eec56fbca693896c94f7a1ca410
2021-09-02 14:48:13 +08:00
Adam Shih
a90c8fe1b5
review bootdevice_sysdev
...
Bug: 196916111
Test: boot with bootdevice_sysdev labeled
Change-Id: I938fe18718356bf4156bb55937528a1ca3e072fb
2021-09-02 13:24:46 +08:00
Adam Shih
91d989bca4
review mount and block devices
...
Bug: 196916111
Test: make sure all paths under ufs are labeled
Change-Id: Ic3e07e7341f838f54c483ab8b272407a70f1f8f2
2021-09-02 12:49:38 +08:00
Adam Shih
ee0c81fbc6
review modem_svc_sit
...
Bug: 198532074
Test: boot with modem_svc_sit started
Change-Id: I3018491564eb3bb5dafc5e9ad6446f353d54b18b
2021-09-02 11:41:59 +08:00
Adam Shih
c6111a8666
review cbd
...
Bug: 198532074
Test: boot with cbd started
Change-Id: Iced4bfaa9ea8e749cc0a8cb7a8da91abfc88d765
2021-09-02 11:41:48 +08:00
Adam Shih
f5ed5632e2
review recovery related operations
...
Bug: 196916111
Test: make sure the files are labeled correctly (ls -Z)
Change-Id: I735de8b9635c7852a18ec8f32733cb0a0abd38f3
2021-08-30 14:45:29 +08:00
Adam Shih
ffc779eaa8
review chre
...
Bug: 198109521
Test: boot with chre started
Change-Id: Ibca6cc3ca0049a412d36e433cb5dcb3363d60527
2021-08-30 14:02:30 +08:00
Adam Shih
72ad95d1eb
review vcd and remove obsolete declarations
...
Bug: 196916111
Test: boot with vcd started
Change-Id: Ic82975e998dad4437c38afc625a7a88428417b7a
2021-08-23 14:06:17 +08:00
Adam Shih
dcf0597594
review sced
...
Bug: 196916111
Test: boot with sced started
Change-Id: I9140b5bc0f7ad4efedbbbcf58f9e773e5246df74
2021-08-23 11:45:31 +08:00
Adam Shih
b12473a9de
review modem_diagnostic_app
...
Bug: 196916111
Test: boot with modem_diagnostic_app running
Change-Id: Ic79f2048f840845ba73cc4d0853371a50ce63317
2021-08-18 11:07:37 +08:00
Adam Shih
c2582ecc01
review dmd sepolicy
...
Bug: 196916111
Test: boot with dmd launched successfully
Change-Id: Ic962ab09dcd7697c27f9b2ab68400a0060573888
2021-08-18 09:46:29 +08:00